Exploit Database

144,352 exploits tracked across all sources.

CVE-2023-43271 WRITEUP CRITICAL
70mai a500s <1.2.119 - Info Disclosure
Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols.
CVSS 9.1
CVE-2023-43281 WRITEUP MEDIUM
Nothings Stb Image.h <2.28 - Memory Corruption
Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.
CVSS 6.5
CVE-2023-43317 WRITEUP HIGH
Coign CRM Portal <6.06 - Privilege Escalation
An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPermissionsList parameter in the Session Storage component.
CVSS 8.8
CVE-2023-43318 WRITEUP HIGH
TP-Link JetStream Smart Switch TL-SG2210P 5.0 - Privilege Escalation
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests.
CVSS 8.8
CVE-2023-43339 WRITEUP MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via Database Configuration Parameters
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, Database User or Database Port components.
CVSS 6.1
CVE-2023-43340 WRITEUP MEDIUM
evolution_cms 3.2.3 - Cross-Site Scripting via cmsadmin, cmsadminemail, cmspassword, and cmspasswordconfirm Parameters
Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfirm parameters.
CVSS 5.2
CVE-2023-43341 WRITEUP MEDIUM
evolution_cms 3.2.3 - Cross-Site Scripting via UID Parameter
Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the uid parameter.
CVSS 6.1
CVE-2023-43342 WRITEUP MEDIUM
Quick CMS 6.7 - Stored Cross-Site Scripting in Languages Menu Component
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component.
CVSS 5.4
CVE-2023-43343 WRITEUP MEDIUM
Quick CMS 6.7 - Stored Cross-Site Scripting via Pages Menu Files Description Parameter
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component.
CVSS 5.4
CVE-2023-43346 WRITEUP MEDIUM
Quick CMS 6.7 - Stored Cross-Site Scripting in Languages Menu Backend Dashboard Parameter
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component.
CVSS 5.4
CVE-2023-43352 WRITEUP HIGH
CMS Made Simple 2.2.18 - Server-Side Template Injection via Content Manager Menu
An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.
CVSS 7.8
CVE-2023-43355 WRITEUP MEDIUM
CMS Made Simple 2.2.18 - Cross-Site Scripting via My Preferences Add User Password Parameters
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.
CVSS 5.4
CVE-2023-43358 WRITEUP MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via News Menu Title Parameter
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
CVSS 5.4
CVE-2023-43360 WRITEUP MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via File Picker Top Directory Parameter
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.
CVSS 5.4
CVE-2023-43361 WRITEUP HIGH
vorbis-tools 1.4.2 - Buffer Overflow during WAV to OGG Conversion
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
CVSS 7.8
CVE-2023-43364 WRITEUP CRITICAL
searchor < 2.4.2 - Remote Code Execution via CLI Input
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.
CVSS 9.8
CVE-2023-43381 WRITEUP HIGH
Tianchoy Blog <1.8.8 - Info Disclosure
SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in login.php.
CVSS 7.5
CVE-2023-43468 WRITEUP CRITICAL
Janobe Online Job Portal <2020 - SQL Injection
SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the login.php component.
CVSS 9.8
CVE-2023-43469 WRITEUP CRITICAL
Janobe Online Job Portal <2020 - SQL Injection
SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component.
CVSS 9.8
CVE-2023-43470 WRITEUP CRITICAL
Janobe Online Voting System <1.0 - RCE
SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component.
CVSS 9.8
CVE-2023-43481 WRITEUP CRITICAL
Shenzhen TCL Browser TV Web BrowseHere <6.65.022 - XSS
An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component.
CVSS 9.8